Starting the Transaction server Docker container by retrieving parameters from Vault

Learn about how to start Transaction server Docker container by specifying CONFIGURE_MODE=Vault.

Mandatory parameters

These are the mandatory parameters that you need to specify to configure the container to retrieve more parameters from Vault.

Note: You can also specify datasource credentials through the start up command if you do not want to retrieve the datasource values from Vault.
Parameter name (key) Value Configuration
TENANT The name of the group that contains your set of environments. For example, MyCompany. Container environment variable
ENVIRONMENT The name of the environment. For example, Non-production. Container environment variable
ENVTYPE The environment type. Accepted values are auth and live. Container environment variable
VAULT_TOKEN The Vault token to use to connect to Vault and request certification from Vault PKI. Container environment variable
VAULT_URL The Vault URL to use to connect to Vault and request certification from Vault PKI. Container environment variable
STOREWEB_HOST A unique hostname for use with Management Center Store preview. If you are using DC/OS, this is the internal DNS in DC/OS. For example, store-wytryqaauth.cn.ibm.com.
Note: If you have multiple stores running on multiple domains, you can configure your domains to redirect to STOREWEB_HOST to ensure that preview works for all stores.
Container environment variable
SPIUSER_NAME Your SPIUSER name. The default value is spiuser.
Note: From version 9.1.7.0 onward, the SPIUSER_NAME parameter is optional. If it is not specified, then the default value is assumed.
Container environment variable/Vault
SPIUSER_PWD The encrypted password for the spiuser. For more information, see Setting the spiuser password in your Docker images. Container environment variable/Vault
DBHOST The database hostname. Container environment variable/Vault
DBNAME The name of the database. Container environment variable/Vault
DBUSER The database user name. Container environment variable/Vault
DBPASS The database user password. Container environment variable/Vault
DBPORT The database port. Container environment variable/Vault
DBAUSER The database administrator. Container environment variable/Vault
DBAPASSENCRYPT The database administrator password that is encrypted with wcs_encrypt.sh. Container environment variable/Vault
DBPASSENCRYPT The database user password that is encrypted with wcs_encrypt.sh. Container environment variable/Vault
ELASTICSEARCH Whether the Elasticsearch-based search solution is in use or not.
Accepted values are:
  • true for the Elasticsearch-based search solution;
  • Or false for the Solr-based search solution.
Container environment variable/Vault

Optional parameters

These are optional parameters. You can pass these parameters as container environment variables, or you can store them in Vault. If you store the key-value pairs in Vault, the /SETUP/bin/vaultConfigure.sh script retrieves the values from Vault. All parameters that you specify as container environment variables take precedence over the values that are stored in Vault.

Parameter name (key) Value
DOMAIN_NAME The internal service domain name. The default value is : default.svc.cluster.local. If the deployed environment is on a special namespace on Kubernetes, the domain name should be .svc.cluster.local.
EXTERNAL_DOMAIN_NAME The external domain name specifies the store-web external domain name, which can be recognized by your browser.

For example, in the hostname store.demo4qaauth.hcl.com, hcl.com would be the external domain name.

DB_SSLENABLE Determines whether to enable SSL protocol for connections to the database.

Valid values are true or false. The default value is false.

You can also specify datasource credentials through the start up command if you do not want to retrieve the datasource values from Vault.

DB_XA Specify if the XA function has been enabled for database. Default value is false. You can also specify datasource credentials through the start up command if you do not want to retrieve the datasource values from Vault.
DBHOST_LIVE
Note: If you need to point to a different live database, you need to specify all of the related parameters. You can also specify datasource credentials through the start up command if you do not want to retrieve the datasource values from Vault.
The database hostname in the live environment.
DBNAME_LIVE The name of the database in the live environment.
DBPASS_LIVE The database user password in the live environment.
DBPORT_LIVE The database port in the live environment.
DBUSER_LIVE The database user name in the live environment.
DB_SSLENABLE_LIVE Determines whether to enable SSL protocol for connections to the live database.

Valid values are true or false. The default value is false.

You can also specify datasource credentials through the start up command if you do not want to retrieve the datasource values from Vault.

DB_XA_LIVE Specify if the XA function has been enabled for the live database. The default value is false.

You can also specify datasource credentials through the start up command if you do not want to retrieve the datasource values from Vault.

DBTYPE The database type.
Accepted values are:
  • db2 for IBM Db2 Database;
  • oracle for Oracle Database.
MERCHANTKEY_ENCRYPT The encrypted merchant key value, encrypted with the key encryption key. The merchant key was created when you or an administrator loaded the HCL Commerce database schema.
For more information, see:
Important: You must specify your own merchant key and key encryption key values for the security of your HCL Commerce installation. Do not use the default values contained within the provided sample configuration files and documentation examples.
HCL Commerce Version 9.1.9.0 or laterKEY_ENCRYPTION_KEY The plain text key that is used to encrypt the merchant key. The key encryption key is required to be 32 characters.
LOCALSTOREWEB The web server host name of a local store if you migrated from WebSphere Commerce Version 7 or WebSphere Commerce Version 8.
HEALTH_CENTER_ENABLED Determines whether Health Center is enabled.

The default value is false.

adminPassword The password for user configadmin, which is used to access the WebSphere Application Server Administrative Console.
TRACE_SPEC Set trace specifications.

For more information about trace, see Trace components.

KAFKA_SERVERS
Note: The KAFKA_SERVERS, ZOOKEEPER_SERVERS, and KAFKA_TOPIC_PREFIX parameters must be provided together.
The Kafka server. Works with ZOOKEEPER_SERVERS if you want to configure the container to catch validation.
ZOOKEEPER_SERVERS Works with KAFKA_SERVERS, if you want to configure the container to catch validation.
KAFKA_TOPIC_PREFIX KAFKA_TOPIC_PREFIX is used to compose the queue name for the cache invalidation.
SESSION_KEY_ENCRYPT The encrypted session key.
SEARCH_HOST The Search server host name. This parameter value depends on which search service you are using, and the environment type.
SEARCH_PORT The Search server port number.
SEARCH_SCHEME The Search server scheme.

The default value is https.

SEARCH_REPEATER_HOST The host name of the search repeater.
Note: This parameter is only required for a live HCL Commerce environment with Solr-based search.
INGEST_HOST The Ingest service hostname.
Note: This parameter is only required with the Elasticsearch-based search solution.
INGEST_PORT The Ingest service port number.
Note: This parameter is only required with the Elasticsearch-based search solution.
INGEST_SCHEME The Ingest service scheme.
Note: This parameter is only required with the Elasticsearch-based search solution.
ELASTICSEARCH_HOST The Elasticsearch service hostname.
Note: This parameter is only required with the Elasticsearch-based search solution.
ELASTICSEARCH_PORT The Elasticsearch service port number.
Note: This parameter is only required with the Elasticsearch-based search solution.
ELASTICSEARCH_SCHEME The Elasticsearch service scheme.
Note: This parameter is only required with the Elasticsearch-based search solution.
XC_HOST The Customization server host name.
XC_PORT The Customization server port number.
STORE_HOST The Store server host name.
STORE_PORT The Store server port number.
STOREWEB_HOST The Store Web server host.
STOREWEB_PORT The Store Web server port number.
REACT_STORE_HOST The React-based store host name.
Note: This parameter is only required with the Elasticsearch-based search solution.
REACT_STORE_PORT The React-based store port number.
Note: This parameter is only required with the Elasticsearch-based search solution.
REACT_STORE_SERVICE_HOST The React-based store service host name.
Note: This parameter is only required with the Elasticsearch-based search solution.
REACT_STORE_SERVICE_PORT The React-based store service port number.
Note: This parameter is only required with the Elasticsearch-based search solution.
JVM_CONTAINER_SUPPORT An experimental parameter to enable JVM container support by removing the default JVM heapsize and adding the JVM parameter -XX:+UseContainerSupport.
JWKS The Commerce tooling SPA uses JWT for API authentication.

Update this value to set the JWKS and keyID in order to sign and validate the JWT. The JWKS can be generated by the generateJWKS utility.

TOOLING_BASE_URL This value is used by Management Center for HCL Commerce to load the Tooling SPA from the Tooling web server.
REDIS_PASSWORD_ENCRYPT The Redis server password.
EXPOSE_METRICS Specify if you want to enable metrics for the commerce environment.
DX_HOST The HCL Digital Experience (DX) host name. This is required to integrate HCL Commerce with DX.
Note: This integration is only supported on a Kubernetes deployment.
DX_PORT The HCL Digital Experience (DX) port number.

The default value is set to 443 if the DX hostname has been set and there is no custom value specified.

DX_SCHEME The HCL Digital Experience (DX) scheme.

The default value is set to https if the DX hostname has been set and there is no custom value specified.

HCL Commerce Version 9.1.9.0 or laterLDAP_BIND_PASSWD The LDAP bind password XOR encoded by the WebSphere Application Server PropFilePasswordEncoder utility.

For more information on the PropFilePasswordEncoder utility, see PropFilePasswordEncoder command reference in the WebSphere Application Server documentation.

HCL Commerce Version 9.1.9.0 or laterLDAP_TYPE The LDAP server type.
Accepted values are:
  • IDS for IBM Directory Server
  • DOMINO for IBM Lotus Domino
  • SUNONE for Sun Java System Directory Server
  • AD for Microsoft Windows Active Directory
  • NDS for Novell Directory Services
  • CUSTOM for a custom directory server
HCL Commerce Version 9.1.9.0 or laterLDAP_HOST The fully qualified LDAP server host name.
HCL Commerce Version 9.1.9.0 or laterLDAP_PORT The LDAP server port number.
HCL Commerce Version 9.1.9.0 or laterLDAP_SSL Specify whether the LDAP server requires an SSL connection.
Accepted values are:
  • true for SSL.
  • false for no SSL.
HCL Commerce Version 9.1.9.0 or laterLDAP_BIND_DN The LDAP bind distinguished name (DN). The value must be in lower case.
HCL Commerce Version 9.1.9.0 or laterLDAP_LOGIN_PROP The LDAP property names that are used to log into the application server.
HCL Commerce Version 9.1.9.0 or laterLDAP_BASE_DN The LDAP search base distinguished name (DN). The value must be in lower case.
HCL Commerce Version 9.1.9.0 or laterLDAP_REALM_NAME Specify a value for the Realm name, instead of using the default value.

The default value is myrealm.

Note: If you are integrating with HCL Digital Experience, you must use the same Realm name for both.
HCL Commerce Version 9.1.9.0 or laterLDAP_USER_FILTER The LDAP user search filter. Only used for the custom LDAP type.
HCL Commerce Version 9.1.9.0 or laterLDAP_USER_PREFIX The LDAP user prefix.
HCL Commerce Version 9.1.10.0 or latermqEnable Specify whether to enable IBM MQ integration.
Accepted values are:
  • true for IBM MQ integration.
  • false for no IBM MQ integration.
HCL Commerce Version 9.1.10.0 or latermqEnableActivitySessionTimoutPeriod The session timeout value.
HCL Commerce Version 9.1.10.0 or latermqMaxConnection The maximum number of connections allowed with IBM MQ.
HCL Commerce Version 9.1.10.0 or latermqHost The hostname of the IBM MQ server.
HCL Commerce Version 9.1.10.0 or latermqPort The port number of the IBM MQ server.
HCL Commerce Version 9.1.10.0 or latermqQueueManagerName The IBM MQ Queue Manager used by HCL Commerce to connect to the IBM MQ server.
HCL Commerce Version 9.1.10.0 or latermqErrorQueueName The IBM MQ Error Queue Name.
HCL Commerce Version 9.1.10.0 or latermqInboundQueueName The IBM MQ Queue Name.
HCL Commerce Version 9.1.10.0 or latermqSerialInboundQueueName The IBM MQ Queue Name to process messages in series.
HCL Commerce Version 9.1.10.0 or latermqParallelInboundQueueName The IBM MQ Queue Name to process messages in parallel.
HCL Commerce Version 9.1.10.0 or latermqOutboundQueueName The IBM MQ Outbound Queue Name.